Issue:
Published documentation is shown on the documentation page in the API portal.
Permissions for it can be set by user and role.
However, if the direct URL of a documentation item is entered in the browser, the item is shown without login.
For example:
http://{API_Portal_Server}/resources/documentation/xxxx
In that case, the permission is not enforced.
This is an important security issue.
Workaround:
You can set the permission on the resource in the CMS.
This will prevent any unauthenticated visitor from seeing that page.
For example:
In CMS -> [CONTENT ITEMS] / resources / documentation,
Select Action->properties on the target item.
Select the Security tab.
Un-check "All Users" -> View and save.
Log out and restart the browser.
Enter the direct link in the browser.
Result: a 404 Not Found page is shown.
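The last three steps can be repeated for every documentation item with a small script. The following is an added example, not code from the product or its vendor: it requests each direct URL with no cookies or credentials and reports whether the item is still served. The function names are hypothetical, and treating a redirect, 401 or 403 as "blocked" is an assumption; the page itself only reports 404 as the result of the workaround.

```python
"""Check that direct documentation URLs are not served to anonymous visitors."""
import sys
import urllib.error
import urllib.request


class NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None stops urllib from following a 3xx (for example to a
    # login page), so the redirect itself is reported as the status.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def anonymous_status(url, timeout=10):
    """Return the HTTP status for url, requested without cookies or credentials."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # unfollowed 3xx, 4xx and 5xx all arrive here


def classify(status):
    """Map a status code to a verdict for an unauthenticated request."""
    if 200 <= status < 300:
        return "EXPOSED"    # content served without login: the issue above
    if status == 404:
        return "PROTECTED"  # the result the workaround produces
    if status in (301, 302, 303, 307, 308, 401, 403):
        return "BLOCKED"    # assumption: other ways a portal may refuse access
    return "UNKNOWN"


def audit(urls):
    """Return {url: verdict} for each direct documentation URL."""
    return {url: classify(anonymous_status(url)) for url in urls}


if __name__ == "__main__":
    # Usage: python check_docs.py http://{API_Portal_Server}/resources/documentation/xxxx ...
    results = audit(sys.argv[1:])
    for url, verdict in results.items():
        print(f"{verdict:9} {url}")
    sys.exit(1 if "EXPOSED" in results.values() else 0)
```

The script exits with status 1 if any URL is still exposed, so it can be run after each publish to catch items whose "All Users" -> View permission was left checked.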